Security auditing tools

Preventsys tracks network compliance.

By Mandy Andress, Network World Global Test Alliance, Network World
February 02, 2004 12:03 AM ET

The growing number of security policies and regulations companies are required to follow - the Health Insurance Portability and Accountability Act and the Sarbanes-Oxley Act, for example - creates high demand for policy-compliance products. But how can you confirm your systems are configured appropriately and maintain that configuration over time? In our tests, Preventsys Network Audit and Policy Assurance 1.5 proved to be a flexible, easy-to-use product that earned accolades as a World Class Award designee.

Preventsys takes the results of vulnerability assessment scans and compares them with defined policies, looking for systems that are out of compliance. By default, open source tools Nessus and Nmap are used for scanning, but many third-party products, including Internet Security Systems' Internet Scanner and eEye Digital Security's Retina, also are supported. Preventsys uses XML at its core, so you are only limited by your ability to get your audit results in an XML format that the Preventsys product can then analyze.
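
The compare-scan-to-policy step described above, sketched as an added example that is not Preventsys code: it reads Nmap-style XML scan output and flags open ports that a policy does not allow. The policy schema, host addresses and function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout written by `nmap -oX` (trimmed to the
# elements this check reads); hosts and ports are invented for illustration.
SCAN_XML = """<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="22"><state state="closed"/><service name="ssh"/></port>
    </ports></host>
  <host><status state="up"/><address addr="10.0.0.9" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    </ports></host>
</nmaprun>"""

# Hypothetical policy format (not Preventsys's schema): each rule names the
# hosts it covers and the only TCP ports allowed to be open on them.
POLICY_XML = """<policy name="ecommerce-servers">
  <rule hosts="10.0.0.5 10.0.0.9"><allow port="443"/><allow port="80"/></rule>
</policy>"""

def load_policy(policy_xml):
    """Return {host: set(allowed ports)} from the policy document."""
    allowed = {}
    for rule in ET.fromstring(policy_xml).iter("rule"):
        ports = {int(a.get("port")) for a in rule.iter("allow")}
        for host in rule.get("hosts", "").split():
            allowed.setdefault(host, set()).update(ports)
    return allowed

def find_violations(scan_xml, policy_xml):
    """List (host, port, service) for open ports the policy does not allow."""
    allowed = load_policy(policy_xml)
    violations = []
    for host in ET.fromstring(scan_xml).iter("host"):
        addr = host.find("address").get("addr")
        if addr not in allowed:
            # A scanned host that no rule covers is itself a finding.
            violations.append((addr, None, "no-policy"))
            continue
        for port in host.iter("port"):
            num = int(port.get("portid"))
            if port.find("state").get("state") == "open" and num not in allowed[addr]:
                svc = port.find("service")
                violations.append((addr, num, svc.get("name") if svc is not None else "unknown"))
    return violations
```

Calling `find_violations(SCAN_XML, POLICY_XML)` reports the open telnet port on 10.0.0.5; closed ports are ignored, and a host missing from every rule is reported rather than silently passed.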


The system comprises three main servers: the audit, compliance and database servers. The audit server runs scans. The compliance server performs all the analysis and processing of the scan results. Users tap into the whole system via a Web-based console that communicates with the compliance server. The database server (PostgreSQL by default, but Oracle also is supported) stores all the data, both raw and analyzed.

Preventsys shipped three Shuttle systems containing 2.4- or 2.8-GHz Pentium 4 processors, each with 1G byte of RAM for our testing, but customers only receive the software and professional services for installation. The Web interface is intuitive and easy to use. We created new users, defined networks and hosts, and launched a scan in a matter of minutes.

We were impressed with the level of detail at all configuration levels. For example, user permissions are segregated between scanning, analysis, reports, remediation updates and remediation assignment activities. This segregation, combined with definable network/host permissions, means you could tailor its security parameters to fit almost any organizational structure.

Preventsys includes an array of default policies, such as the SANS Top 20 and/or your own list of e-commerce servers. A number of policies also are developed from National Security Agency and National Institute of Standards and Technology guidelines. Additional policies that Preventsys developed are included in the built-in Policy Library Update function of the product. A rollback function also is available for easy removal.

Preventsys provides several methods to create and update policies. The most direct is to modify the XML code yourself. For a more template-driven approach, the Web interface includes some policy development functionality. A third option is to use the separate Windows-based Policy Lab application that Preventsys provides to design and create new policies.
